HOMELAND SECURITY DEPARTMENT ANNOUNCES DEEPLY FLAWED
REGULATIONS FOR NATIONAL ID SYSTEM
WASHINGTON, DC - Department of Homeland Security Secretary Michael
Chertoff today released the agency's final regulations for REAL ID, the
national identification system. The law was passed in 2005 and will
require the states to make significant changes to the state driver's
license. EPIC and other civil liberties and privacy organizations have
objected to the federal identification system, which will include the
sensitive information of 245 million license and state ID cardholders
across the country.
The proposal has drawn sharp criticism from state governments, members
of Congress, civil liberties advocates, and security experts. The
Secretary scaled back some of the requirements, reduced the cost, and
extended the deadline for state compliance. However, Secretary Chertoff
also indicated that the REAL ID card would be used for a wide variety of
purposes, unrelated to the law that authorized the system, including
employment verification and immigration determination. He also indicated
that the agency would not prevent the use of the card by private parties
for non-government purposes. As part of the cost-saving effort, Homeland
Security has decided not to encrypt the data that will be stored on the
card.
Melissa Ngo, Director of the EPIC Identification and Surveillance
Project, said, "REAL ID creates a United States where individuals are
either 'approved' or 'suspect,' and that is a real danger to security
and civil rights."
The REAL ID proposal has been widely criticized. Seventeen states have
passed legislation against REAL ID, and Congress is debating its repeal.
The Department of Homeland Security has also been criticized for its own
poor security practices. In May 2007, a Homeland Security office lost
the personal data of 100,000 employees.
According to security expert Bruce Schneier, "Measures like REAL ID have
limited security benefit. Identification systems are complex, and the
unforgability of the plastic card is only a small part of the security
equation. Issuance procedures, verification procedures, and the
back-end database are far more vulnerable to abuse, and -- perversely --
a harder-to-forge card makes subverting the system even more valuable.
Good security doesn't try to divine intentionality from identification,
but instead provides for broad defenses regardless of identification."
EPIC is a public interest research center in Washington, D.C. EPIC was
established in 1994 to focus public attention on emerging civil
liberties issues and to protect privacy, the First Amendment, and
constitutional values. In 2007, EPIC led a grassroots coalition of
organizations and bloggers that urged the Department of Homeland
Security to withdraw the REAL ID plan.
More information is available at:
http://www.epic.org/privacy/id_cardshttp://www.privacycoalition.org/stoprealid/